Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def buildSignedUrl(self, methodName, *args, **kwargs):
""" Build a signed URL. This URL contains the credentials needed to access
a resource."""
if 'expiration' in kwargs:
expiration = kwargs['expiration']
del kwargs['expiration']
else:
expiration = self.options['signedUrlExpiration']
expiration = int(time.time() + expiration) # Mainly so that we throw if it's not a number
requestUrl = self.buildUrl(methodName, *args, **kwargs)
if not self._hasCredentials():
raise exceptions.TaskclusterAuthFailure('Invalid Hawk Credentials')
clientId = utils.toStr(self.options['credentials']['clientId'])
accessToken = utils.toStr(self.options['credentials']['accessToken'])
def genBewit():
# We need to fix the output of get_bewit. It returns a url-safe base64
# encoded string, which contains a list of tokens separated by '\'.
# The first one is the clientId, the second is an int, the third is
# url-safe base64 encoded MAC, the fourth is the ext param.
# The problem is that the nested url-safe base64 encoded MAC must be
# base64 (i.e. not url safe) or server-side will complain.
# id + '\\' + exp + '\\' + mac + '\\' + options.ext;
resource = mohawk.base.Resource(
credentials={
'id': clientId,
'artifact': 'project/gecko/android-ndk/android-ndk.tar.xz',
'namespace': 'gecko.cache.level-1.toolchains.v2.linux64-android-ndk-linux-repack.latest'
}
]
for element in jobs:
namespace = element['namespace']
artifact = element['artifact']
# on staging buildSignedUrl will fail, because the artifacts are downloaded from
# a proxy, therefore we need to use buildUrl in case the signed version fails
try:
artifact_url = index.buildSignedUrl('findArtifactFromTask',
indexPath=namespace,
name=artifact,
expiration=7200)
except taskcluster.exceptions.TaskclusterAuthFailure:
artifact_url = index.buildUrl('findArtifactFromTask',
indexPath=namespace,
name=artifact)
target = os.path.join(
os.environ['MOZBUILD_STATE_PATH'],
os.path.basename(artifact).split('.')[0],
)
logger.info('Downloading {}.'.format(artifact))
cli_common.utils.retry(lambda: download(artifact_url, target))
if not os.path.exists(target):
raise AnalysisException('artifact', 'Setup failed for {}'.format(target))
try:
data = response.json()
except:
pass # Ignore JSON errors in error messages
# Find error message
message = "Unknown Server Error"
if isinstance(data, dict):
message = data.get('message')
else:
if status == 401:
message = "Authentication Error"
elif status == 500:
message = "Internal Server Error"
# Raise TaskclusterAuthFailure if this is an auth issue
if status == 401:
raise exceptions.TaskclusterAuthFailure(
message,
status_code=status,
body=data,
superExc=None
)
# Raise TaskclusterRestFailure for all other issues
raise exceptions.TaskclusterRestFailure(
message,
status_code=status,
body=data,
superExc=None
)
# Try to load JSON
try:
return response.json()
LOG.debug("Contents of new task: (Limit 1024 char)")
LOG.debug(str(task)[:1024])
if not dry_run:
LOG.info("Attempting to schedule new task with task_id: {}".format(new_task_id))
result = queue.createTask(new_task_id, task)
LOG.debug(json.dumps(result))
LOG.info("{}/task-inspector/#{}".format(TASKCLUSTER_TOOLS_HOST, new_task_id))
else:
LOG.info("Dry-run mode: Nothing was retriggered.")
except taskcluster_client.exceptions.TaskclusterRestFailure as e:
traceback.print_exc()
new_task_id = -1
except taskcluster_client.exceptions.TaskclusterAuthFailure as e:
# Hack until we fix it in the issue
if str(e) == "Authorization Failed":
LOG.error("The taskclaster client that you specified is lacking "
"the right set of scopes.")
LOG.error("Run this same command with --debug and you will see "
"the missing scopes (the output comes from the "
"taskcluster python client)")
elif str(e) == "Authentication Error":
LOG.error("Make sure that you create permanent credentials and you "
"set these environment variables: TASKCLUSTER_CLIENT_ID & "
"TASKCLUSTER_ACCESS_TOKEN")
new_task_id = -1
return new_task_id
o.update(_defaultConfig)
if options:
o.update(options)
if not o.get('rootUrl'):
raise exceptions.TaskclusterFailure('rootUrl option is required')
credentials = o.get('credentials')
if credentials:
for x in ('accessToken', 'clientId', 'certificate'):
value = credentials.get(x)
if value and not isinstance(value, six.binary_type):
try:
credentials[x] = credentials[x].encode('ascii')
except Exception:
s = '%s (%s) must be unicode encodable' % (x, credentials[x])
raise exceptions.TaskclusterAuthFailure(s)
self.options = o
if 'credentials' in o:
log.debug('credentials key scrubbed from logging output')
log.debug(dict((k, v) for k, v in o.items() if k != 'credentials'))
if session:
self.session = session
else:
self.session = self._createSession()
if add_self:
new_dependencies.append(decision_task_id)
task["dependencies"] = new_dependencies
tasks.append((task_id, task))
# Now sends them
queue = taskcluster.Queue(options)
try:
for task_id, task_payload in tasks:
queue.createTask(task_id, task_payload)
print(f"https://community-tc.services.mozilla.com/tasks/groups/{task_group_id}")
except taskcluster.exceptions.TaskclusterAuthFailure as e:
print(f"TaskclusterAuthFailure: {e.body}", file=sys.stderr)
raise
o.update(_defaultConfig)
if options:
o.update(options)
if not o.get('rootUrl'):
raise exceptions.TaskclusterFailure('rootUrl option is required')
credentials = o.get('credentials')
if credentials:
for x in ('accessToken', 'clientId', 'certificate'):
value = credentials.get(x)
if value and not isinstance(value, six.binary_type):
try:
credentials[x] = credentials[x].encode('ascii')
except:
s = '%s (%s) must be unicode encodable' % (x, credentials[x])
raise exceptions.TaskclusterAuthFailure(s)
self.options = o
if 'credentials' in o:
log.debug('credentials key scrubbed from logging output')
log.debug(dict((k, v) for k, v in o.items() if k != 'credentials'))
if session:
self.session = session
else:
self.session = self._createSession()
try:
data = response.json()
except Exception:
pass # Ignore JSON errors in error messages
# Find error message
message = "Unknown Server Error"
if isinstance(data, dict):
message = data.get('message')
else:
if status == 401:
message = "Authentication Error"
elif status == 500:
message = "Internal Server Error"
# Raise TaskclusterAuthFailure if this is an auth issue
if status == 401:
raise exceptions.TaskclusterAuthFailure(
message,
status_code=status,
body=data,
superExc=None
)
# Raise TaskclusterRestFailure for all other issues
raise exceptions.TaskclusterRestFailure(
message,
status_code=status,
body=data,
superExc=None
)
# Try to load JSON
try:
return response.json()
def download_artifacts(queue, task_ids):
artifact = "public/done"
for task_id in task_ids:
logger.info(f"Download from {task_id}")
# Build artifact url
try:
url = queue.buildSignedUrl("getLatestArtifact", task_id, artifact)
except taskcluster.exceptions.TaskclusterAuthFailure:
url = queue.buildUrl("getLatestArtifact", task_id, artifact)
logger.info(f"Downloading {url}")
try:
urlretrieve(url, task_id)
yield task_id
except urllib.error.HTTPError as e:
if e.getcode() == 404:
pass